<?php
require 'db.php'; // 假设此文件包含数据库连接
require 'vendor/autoload.php'; // 引入 Composer 自动加载器

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

$secretKey = 'your_secret_key'; // 自己的密钥

if (!isset($_COOKIE['token'])) {
    header('Location: index.php');
    exit();
}

$jwt = $_COOKIE['token'];

try {
    $decoded = JWT::decode($jwt, new Key($secretKey, 'HS256'));
    $username = $decoded->data->username;
    $role = $decoded->data->role;
} catch (Exception $e) {
    echo json_encode([
        'error' => '访问被拒绝: ' . $e->getMessage()
    ]);
    exit();
}

if($role!=="admin"){
    header('Location: profile.html');
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $article_id = $_POST['id'];
    $action = $_POST['action'];

    $status = ($action === 'approve') ? 'approved' : 'rejected';

    $stmt = $conn->prepare("UPDATE articles SET status = ? WHERE id = ?");
    $stmt->bind_param("si", $status, $article_id);

    if ($stmt->execute()) {
        header('Location: admin_review.php');
        exit();
    } else {
        echo "Error: " . $conn->error;
    }

    $stmt->close();
    $conn->close();
} else {
    header('Location: admin_review.php');
    exit();
}
?>
